Over 80% Of Breaches Still Result Of Poor Patch Management
A recent research study highlights the need for secure operations automation to close the gap between security and operations teams.
Join the DZone community and get the full member experience.Join For Free
Voke, inc., a modern analyst firm announced the publication of the new “Market Snapshot Report: Secure Operations Automation.”
The new independent survey of 318 participants from companies of varying sizes globally, focuses on the need to operationalize security through secure operations automation practices and solutions; and explores real-world insights about IT patch and compliance, automation, and operations security.
Key findings in the report include:
Percent of audit failures that occurred due to patches pending for various amounts of time (weeks to years).
Percent of breaches that occurred due to patches pending for various amounts of time (weeks to years).
Audit readiness ROI.
Remediation productivity ROI.
Remediation speed ROI.
While a plethora of security tools and solutions are in use, organizations still face a variety of security-related challenges including coordination of preventive measures between IT Security and IT Operations, patching security vulnerabilities, prevention of security breaches, and keeping up with evolving regulatory standards. The survey found that the automation of secure operations workflow is lacking, which leads to increased risk.
The goal of secure operations automation is to improve processes and technology to unite IT Security and IT Operations teams with more focus on collaboration and visibility. Secure operations automation allows the IT Operations team to take a more active role in IT security. While it is necessary for the two teams to remain independent, cooperation and collaboration are necessary to deliver better business outcomes.
“The emerging category of secure operations automation practices and technologies is being driven by the fact that basic security operations are still not effectively being executed on a consistent basis,” said Theresa Lanowitz, CEO, and founder of Voke. “By using secure operations automation practices and solutions, effective CIOs and CISOs are aiming to reduce the isolation and contention between these two valuable teams, and automate key security hygiene practices across their organizations.”
The survey found that organizations taking advantage of secure operations automation solutions and practices benefit from:
Effective management of patch backlog.
Improved audit readiness.
Increased remediation productivity.
Reduced open vulnerabilities.
Reduced security breaches with pending patches.
“Operationalizing security is critical to protecting the brand from ongoing threats,” said Lisa Dronzek, COO of Voke. “While the latest malware or DDoS attack may gain more public interest, it’s the backlog of patches to resolve known vulnerabilities that is a key factor putting businesses at risk for audit failures and security breaches.”
Participants of the survey identified the following products (in alphabetical order by vendor) as being part of a secure operations automation solution.
BMC BladeLogic Network Automation
BMC BladeLogic Server Automation
BMC Threat Director
Hewlett Packard Enterprise (HPE) Server Automation
LANDESK Patch Manager
Mesosphere Enterprise DC/OS
Microsoft System Center
Puppet Forge Modules
Red Hat Ansible Tower
ServiceNow Security Operations
Tanium Endpoint Platform
Tripwire Configuration Compliance Manager
VMware vRealize Configuration Manager
The report also provides assessment questions for organizations to leverage, to determine a company’s need and readiness for secure operations automation practices and solutions.
Opinions expressed by DZone contributors are their own.